var entities = {
    '&' : '&amp;',
    '\'' : '&#39;',
    '\"' : '&quot;',
    '<' : '&lt;',
    '>' : '&gt;'
};

var xssReplace = function(str) {
    for ( var key in entities) {
        str = str.replace(new RegExp(key, 'g'), entities[key]);
    }

    return str;
};

var xss  = function(params){
    if (params && typeof params === 'object') {
        for (var i in params) {
            params[i] = (typeof params[i] === 'string') ? xssReplace(params[i]) : xss(params[i]);
        }
    } else if (typeof params === 'string'){
        params = xssReplace(params);
    }

    return params;
};

module.exports = xss;

